Validate console input before passing it to the server

Author: metabrixkt

paper-server/src/main/java/com/destroystokyo/paper/console/PaperConsole.java

@@ -3,8 +3,12 @@
 import io.papermc.paper.configuration.GlobalConfiguration;
 import io.papermc.paper.console.BrigadierCompletionMatcher;
 import io.papermc.paper.console.BrigadierConsoleParser;
+import net.kyori.adventure.text.Component;
+import net.kyori.adventure.text.format.NamedTextColor;
 import net.minecraft.server.dedicated.DedicatedServer;
+import net.minecraft.util.StringUtil;
 import net.minecrell.terminalconsole.SimpleTerminalConsole;
+import org.bukkit.Bukkit;
 import org.bukkit.craftbukkit.command.ConsoleCommandCompleter;
 import org.jline.reader.LineReader;
 import org.jline.reader.LineReaderBuilder;
@@ -45,10 +49,24 @@ protected void runCommand(String command) {
         // terminals interpret pressing [enter] and pasting a multi-line string differently,
         // the latter makes the line reader read it as a single line - and we don't want that
         // https://github.com/PaperMC/Paper/issues/13006
+        outer:
         for (String line : command.split("\n")) {
             if (line.isEmpty()) {
                 continue;
             }
+
+            for (char character : line.toCharArray()) {
+                if (!StringUtil.isAllowedChatCharacter(character)) {
+                    Bukkit.getConsoleSender().sendMessage(
+                        Component.text()
+                            .append(Component.text("Illegal console input character: 0x"))
+                            .append(Component.text(Integer.toHexString(character)))
+                            .color(NamedTextColor.RED)
+                    );
+                    continue outer;
+                }
+            }
+
             this.server.handleConsoleInput(line, this.server.createCommandSourceStack());
         }
     }